Valid values are 1 = Strictly define directory tree location for entries without country attributes 0 (or setting omitted) = Do not strictly define directory tree location for entries without country attributes
For example, suppose you use LDAP_CountryCheck=1, and then given this search query:
Scope: subtree
Search base: c=us
Search filter: cn=*Alan*
the LDAP service will return an entry with the distinguished name cn=Alan Jones, o=Acme, c=US but not return an entry with the distinguished name cn=Alan Smith, o=Acme. If you omit the setting or specify a value of 0, the LDAP service will return both entries, given the same search query.
Note that even if you omit the setting or specify a value of 0, the LDAP service won't return an entry with the distinguished name cn=Alan Woods, o=Acme, c=CA given the search query above.
Enable this setting only if some entries in the Domino Directory include country components in their distinguished names, but others do not. If you enable this setting, Microsoft Outlook Express users who do not explicitly specify a search base may not see the search results they expect. This is because Outlook Express provides the country associated with the version of its software as a default search base when users don't specify one. If you use LDAP_CountryCheck=1 and Outlook Express clients use the default search base, the LDAP service returns only entries that have distinguished names that contain a country component that corresponds to the default search base. If your LDAP users are primarily Outlook Express users, you may not want to enable this setting. If your primary LDAP users are not Outlook Express users, we recommend enabling this setting.